WorldLII Home | Databases | WorldLII | Search | Feedback

EPIC Alert

You are here:  WorldLII >> Databases >> EPIC Alert >> 1998 >> [1998] EPICAlert 7

Database Search | Name Search | Recent Articles | Noteup | LawCite | Help

EPIC Alert 5.07 [1998] EPICAlert 7


Volume 5.07 May 27, 1998

Published by the Electronic Privacy Information Center (EPIC)
Washington, D.C.
*** 1998 EPIC Cryptography and Privacy Conference ***
June 8, 1998

Table of Contents

[1] White House Announces Privacy Initiative
[2] Privacy Self-Regulation Not Making the Grade
[3] EPIC Urges Rejection of FBI Wiretap Initiative
[4] Clinton Issues "Cyber Threat" Directive
[5] New Report Finds Identity Theft Increasing
[6] Senate Approves Anti-Spam Bill
[7] New Congressional Bills and Upcoming Hearings
[8] Upcoming Conferences and Events

[1] White House Announces Privacy Initiative

In a graduation speech at New York University on May 14, Vice PresidentGore unveiled a new White House initiative on privacy. Gore announcedthat the administration is pursuing a "new comprehensive action planthat will give people more control over their personal information."
He told the audience that "we need an electronic bill of rights forthis electronic age."

The initiative consists of four areas:

* An executive order signed by President Clinton ordering federalagencies to review their records to ensure that they are in compliancewith the Privacy Act of 1974, and to assign an official in each agencyto responsible for examining how new technologies affect privacy.

* A call to Congress to enact a medical privacy bill. The VicePresident said that the bill should restrict how medical records can beused, allow for correction, and allow patients to access informationabout them.

* A new website sponsored by the Federal Trade Commission (located at that will enable individuals to contactcompanies to ask to be removed from marketing lists. The site willalso provide contact information for state motor vehicle departments.

* A White House summit to be held in June to discuss privacy. Thesummit will "bring privacy and consumer groups together with industryofficials to explore privacy on the Internet as well as children'sprivacy."

The initiative is mainly a re-packaging of previous White Houseprivacy-related efforts. The executive order requires agencies to takesteps already required by the Privacy Act of 1974; the 1996Kennedy-Kassebaum health care bill requires Congress to enact a medicalprivacy law by this year. The White House privacy summit waspreviously scheduled for April of this year and has been delayedseveral times due to controversies over consumer and privacy groupsrepresentation and the event's focus on promoting self-regulatoryapproaches.

More information on the White House initiative is available at:

[2] Privacy Self-Regulation Not Making the Grade

The federal government's examination of industry privacy practices hasrevealed serious shortcomings, according to published reports.
Advertising Age recently reported that the Federal Trade Commission'sreview of Web privacy has found that relatively few websites haveadopted comprehensive privacy guidelines. The FTC is expected totransmit its findings to Congress next month.

Similarly, Commerce Secretary William Daley told the Chicago Tribunethat, if he had to grade industry self-regulation efforts now, helikely would fail them. "It's not going very well," he said. Daley isexpected to report to the President by July 1 on how well companieshandle consumers' personal information. "Basically, nothing hashappened," another senior administration official told the Tribune.
"American business is not the most pro-active animal in the world."

The findings are likely to add new pressure for the creation ofeffective privacy protections. A Business Week/Louis Harris opinionsurvey conducted in February found that 61 percent of non-Internetusers would be more likely to use the medium if they were assured theirpersonal information would be kept private. Significantly, 53 percentof those surveyed felt lawmakers needed to take immediate action tocontrol what personal data businesses collect and how it is used.

[3] EPIC Urges Rejection of FBI Wiretap Initiative

In formal comments filed with the Federal Communications Commission onMay 20, EPIC urged the FCC to reject an FBI attempt to gain newsurveillance powers in the digital realm. The Commission isconsidering an FBI petition under the Communications Assistance to LawEnforcement Act (CALEA), a controversial 1994 law that requires thetelecommunications industry to ensure that new digital technologies donot hamper traditional law enforcement wiretapping capabilities.

The comments, filed jointly by EPIC, the American Civil Liberties Unionand the Electronic Frontier Foundation, provide a historic overview ofwiretap legislation dating back to 1968. The submission notes thatCongress has always required that privacy rights be strongly protectedand that police surveillance powers be strictly limited. The currentFCC proceeding began after negotiations between the FBI and thetelecommunications industry broke down over FBI demands for enhancedaccess to private data. Disputed issues include: whether wirelessservice providers must provide location tracking capabilities;
increased abilities to monitor conference calls; proposed access to thefull content of customer communications from carriers using packetswitching; and the scope of "call-identifying information" that must beprovided to law enforcement agencies.

The FCC proceeding is the culmination of a controversy that began inthe early 1990's when the FBI first sought a "digital telephony" law toaddress new communications technology. As the EPIC/ACLU/EFF commentsnote,

Groups dedicated to the protection of privacy expressed grave reservations in 1994 about the potential for CALEA to be used improperly by law enforcement to expand the scope of electronic surveillance; with the filing of the FBI Petition, these concerns have been realized. . . .
The FBI seeks surveillance capabilities that far exceed the capabilities the FBI has had in the past and is entitled to under the law.

Additional information on CALEA, including the full text of the EPICcomments, is available at:

[4] Clinton Issues "Cyber Threat" Directive

President Clinton announced a new government initiative on May 22 toprotect the nation's electronic infrastructure from hostile"cyberattacks." In a commencement address at the U.S. Naval Academy,
the President outlined the Administration's response to the recentreport of the President's Commission on Critical InfrastructureProtection (PCCIP).

"As we approach the 21st century, our foes have extended the fields ofbattle from physical space to cyberspace," Clinton said. "Theseadversaries may attempt cyberattacks against our critical militarysystems and our economic base. We will launch a comprehensive plan todetect, deter, and defend against attacks on our criticalinfrastructures." Acknowledging concerns that such an initiative couldthreaten civil liberties, the President said, "We do not ever underminefreedom in the name of freedom." Controversy has emerged over how muchauthority the FBI and Justice Department may be given under the newinitiative.

Under the cyber-threat policy, the PCCIP will become the CriticalInfrastructure Assurance Office (CIAO), which released a white paper onthe President's directive. The CIAO paper indicates that federalagencies must have initial procedures in place to protect the nation'sinfrastructure by the year 2000, with permanent protections in placewithin five years. The details of the new policy are contained inPresidential Decision Directive 63, which has not been released to thepublic.

The president also established a new office called the NationalCoordinator for Security, Infrastructure Protection, andCounter-Terrorism, which will be responsible for a broad range ofpolicies and programs.

More information on critical infrastructure protection, including thetext of the CIAO white paper, is available at:

[5] New Report Finds Identity Theft Increasing

The General Accounting Office released a report on May 26 finding thatcases of identity theft are increasing. The GAO found that no federalagency has primary jurisdiction over the problem and a lack of a cleardefinition is hampering efforts to track it. Credit bureaus are alsolargely ignoring the issue, with only one -- Trans Union -- keepingtrack of consumer inquiries. Its representatives told the GAO thattwo-thirds of the firm's 522,000 customer inquiries in 1997 involvedidentify theft.

One important issue is the use of the Social Security Number. The SSNis a common identifier used by many agencies and businesses and is alsofrequently used as a password by credit card companies. Possession ofan SSN makes it possible to steal an identity. The Social SecurityAdministration reported that there were 1153 investigations for SSNmisuse in 1997, up from 305 in 1996. The Justice Department reportedthat it prosecuted over 2000 cases of SSN misuse between 1992 and 1997.

In response to concerns about privacy and identity theft, Rep. JerryKleczka (D-WI) last year introduced H.R. 1813, the Personal InformationPrivacy Act of 1997. The bill would limit the sale of personalinformation by credit bureaus, the use of SSNs for commercial purposes,
and the dissemination of SSNs by state motor vehicle departments. TheAssociated Credit Bureaus, a trade association, told the GAO itsmembers made "tens of millions of dollars annually" selling informationfrom credit reports to marketers, merchants and others.

The report also discussed the role of encryption in preventing crime.
Representatives of the Secret Service told the GAO that "withouteffective encryption measures, Internet-related identity fraud willincrease."

[6] Senate Approves Anti-Spam Bill

The Senate unanimously approved a bill restricting unsolicitedcommercial email (spam) on May 14. The bill requires that "a personwho transmits an unsolicited commercial electronic mail message" shalldisplay their name, physical address, phone number, and information onhow to be removed from the mailing list. Such senders are alsoprohibited from forging any of the message's routing information. TheFederal Communications Commission can investigate and impose fines of$15,000. Spammers who receive requests not to send further email mustcomply or face penalties.

The bill as introduced and approved by the Senate Commerce Committeeonly prohibited the practice known as "slamming" -- changing telephonesubscribers over to other long distance services without their consent.
On the Senate floor, Sens. Murkowski (R-AK) and Torricelli (D-NJ)
introduced an amendment which incorporated provisions of S. 771, ananti-spam bill.

Another amendment introduced by Sen. Feinstein (D-CA), prohibitinghealth care providers from monitoring telephone calls with patients,
was also approved. The amendment requires that all parties consent tothe recording of conversations. It also requires that patients havethe option of requesting that their conversations not be recorded.

More information on spam is available at:

[7] New Congressional Bills and Upcoming Hearings

* New Bills *

H.R.3900. Consumer Health and Research Technology (CHART) ProtectionAct. A bill to establish Federal penalties for prohibited uses anddisclosures of individually identifiable health information, toestablish a right in an individual to inspect and copy their own healthinformation, and for other purposes. Allows disclosure to governmentwithout warrant and researchers with little need. Introduced by Rep.
Shays (R-CT) on May 19. Referred to the Committee on Commerce, and inaddition to the Committees on Ways and Means, and Government Reform andOversight.

S.1987. Child Protection and Sexual Predator Punishment Act of 1998.
Increases penalties for transmitting obscene materials to minors,
contacting minors using net "for the purpose of engaging in any sexualactivity". Introduced by Rep. Dewine (R-OH) on April 24. Referred tothe Committee on the Judiciary.

S. 2022. Crime Identification Technology Act of 1998. Provides grantsto states to upgrade systems for interstate sharing of records,
fingerprints, background checks, DNA data bases and other information.
Introduced by Rep. Dewine (R-OH) on April 30. Referred to the Committeeon the Judiciary. Approved by Judiciary Committee on May 21.

S.2052. Intelligence Authorization Act for Fiscal Year 1999.
Intelligence Funding bill. Allows law enforcement to ask for penregisters in "national security" cases with very low standard.
Introduced by Sen. Shelby (R-AL) on May 7. Approved by IntelligenceCommittee on May 7. Referred to the Committee on Armed Services.

S.2067. Encryption Protects the Rights of Individuals from Violationand Abuse in CYberspace (E-PRIVACY) Act. Relaxes export controls oncrypto, prohibits mandatory key escrow, creates "NET Center" for FBI,
creates new criminal penalties. Sponsored by Sens. Ashcroft (R-MO) andLeahy (D-VT) on May 12. Referred to the Committee on the Judiciary.

S.2103. Personal Privacy Protection Act. Anti-paparazzi bill.
Introduced by Sen. Feinstein (D-CA) on May 20. Referred to theCommittee on the Judiciary.

S.2107. Electronic Commerce Enhancement Act. Creates legal frameworkfor digital signatures. Introduced by Sen. Abraham (R-MI).

* Bills Approved *

H.R.2652. Collections of Information Antipiracy Act. Creates propertyright in databases of information, even if public domain information.
Introduced by Rep. Coble (R-NC). Approved by House on voice vote onMay 19. Referred to Senate Judiciary Committee.

S.2037. An original bill to amend title 17, United States Code, toimplement the WIPO Copyright Treaty and the WIPO Performances andPhonograms Treaty, to provide limitations on copyright liabilityrelating to material online, and for other purposes. Introduced bySen. Hatch (R-UT). Approved by Senate on May 14, 1998 (99-0).

** Hearings **

June 4, 1998. House Commerce Committee. Subcommittee on Finance andHazardous Materials hearing on Electronic Commerce: New Methods forMaking Electronic Purchases. 2123 RHOB. 10:00 a.m.

An updated list of the over 100 bills pending in Congress that relateto privacy and free speech is available at:

[8] Upcoming Conferences and Events

SCRAMBLING FOR SAFETY: Privacy, security and commercial implicationsof the UK and EU crypto policy announcements. 29th May 1998. London,
UK. Sponsored by Cambridge University. contact:
Public Forum on Personal Information Privacy. May 30, 1998. Waukesha,
WI. Sponsored by Rep. Kleczka. Contact: Monette Goodrich (202)

Ethics and Technology. June 5-6. San Jose, CA. Sponsored by Santa ClaraUniversity. Contact:

Hack It 98. June 5-7. Florence, Italy. Contact:
1998 EPIC Cryptography and Privacy Conference. June 8, 1998.
Washington, DC. Sponsored by EPIC, Harvard University and London Schoolof Economics. Contact:

Net Censorship In Europe. June 9, 1998. Washington, DC. Sponsored bythe Freedom Forum. Contact:
INET'98, July 21-24, 1998, Geneva, Switzerland. Sponsored by InternetSociety. Contact:

Advances in Social Informatics and Information Systems, Baltimore, MD,
Aug. 14-16, 1998. Sponsored by the Association for Information SystemsContact:
Telecommunications Policy Research Conference. October 3-5, 1998Alexandria, Virginia. Contact:

CPSR Annual Conference - Internet Governance. Boston, Mass, Oct.
10-11. Sponsored by CPSR. contact:
PDC 98 - the Participatory Design Conference, "BroadeningParticipation" November 12-14, 1998. Seattle, Washington. Sponsored byComputer Professionals for Social Responsibility in cooperation withACM and CSCW 98. Contact:
Computer Ethics. Philosophical Enquiry 98 (CEPE'98). 14-15 December1998 London, UK. Sponsored by by ACMSIGCAS and London School ofEconomics.
1999 RSA Data Security Conference. San Jose, California, January18-21, 1999. Sponsored by RSA. Contact:

(Send calendar submissions to

Subscription Information

The EPIC Alert is a free biweekly publication of the ElectronicPrivacy Information Center. To subscribe or unsubscribe, send emailto with the subject: "subscribe" (no quotes) or"unsubscribe". A Web-based form is available at:
Back issues are available at:

About EPIC

The Electronic Privacy Information Center is a public interestresearch center in Washington, DC. It was established in 1994 tofocus public attention on emerging privacy issues such as the ClipperChip, the Digital Telephony proposal, national ID cards, medicalrecord privacy, and the collection and sale of personal information.
EPIC is sponsored by the Fund for Constitutional Government, anon-profit organization established in 1974 to protect civil libertiesand constitutional rights. EPIC publishes the EPIC Alert, pursuesFreedom of Information Act litigation, and conducts policy research.
For more information, e-mail, orwrite EPIC, 666 Pennsylvania Ave., SE, Suite 301, Washington, DC20003. +1 202 544 9240 (tel), +1 202 547 5482 (fax).

If you'd like to support the work of the Electronic PrivacyInformation Center, contributions are welcome and fullytax-deductible. Checks should be made out to "The Fund forConstitutional Government" and sent to EPIC, 666 Pennsylvania Ave.,
SE, Suite 301, Washington DC 20003. Individuals with First Virtualaccounts can donate at
Your contributions will help support Freedom of Information Act andFirst Amendment litigation, strong and effective advocacy for theright of privacy and efforts to oppose government regulation ofencryption and funding of the digital wiretap law.

Thank you for your support.

END EPIC Alert 5.07

WorldLII: Copyright Policy | Disclaimers | Privacy Policy | Feedback